Encoding content into a Hidden Field

I want to store some values I get using JavaScript/jQuery into a
Hidden Field so the Server can read it.

What are the limits of what I can put in a Hidden Field. Is anything/
everything ok as long as it gets some kind of HTML Encoding?

What can't put into a hidden field? Like for example, if I wanted to
use JavaScript to put a copy of the whole HTML document into a hidden
field is there any reason I can't do that? I'm curious what the
limits are.

Advertisements

Plinkerton wrote:
> I want to store some values I get using JavaScript/jQuery into a
> Hidden Field so the Server can read it.
>
> What are the limits of what I can put in a Hidden Field. Is anything/
> everything ok as long as it gets some kind of HTML Encoding?
>
> What can't put into a hidden field? Like for example, if I wanted to
> use JavaScript to put a copy of the whole HTML document into a hidden
> field is there any reason I can't do that? I'm curious what the
> limits are.

Is a hidden field an <input type="hidden"> element? There are no limits
when the form is submitted with the POST method. With the GET method
there have been limits reported for browsers not managing URLs longer
than 2 KBytes I think but I haven't tested with current browsers.

And you don't need your script to encode the value you set, the browser
will do when it submits the form.

Advertisements

Martin Honnen wrote:
> [...] With the GET method there have been limits reported for browsers
> not managing URLs longer than 2 KBytes I think but I haven't tested with
> current browsers.

K(ibi)Byte is not an viable unit to measure URI length; although eventually
converted to ASCII characters by the UA according to RFC3986, an unescaped
(assigned) URI string may contain characters that require multi-byte
encoding, such as those from Unicode beyond code point U+0079.

As for current browsers, according to Microsoft the restriction of maximum
2083 characters per URI applies to Internet Explorer version 7 as well. I
don't know whether that applies to the escaped URI or the original unescaped
one.

Share This Page

Welcome to The Coding Forums!

Welcome to the Coding Forums, the place to chat about anything related to programming and coding languages.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to ask questions about coding or chat with the community and help others.
Sign up now!